Search This Blog

Posts

Sometimes you'll do a Find for "Entire Solution" (Ctrl + Shift + F is a handy shortcut) and instead of finding anything, the "Find Results" window will immediately display "Find was stopped in progress" with zero results. I usually deal with it by restarting Visual Studio or my computer, but this time I decided to actually look into it. Turns out it was a lot more common than I thought and is apparently a Windows bug, not Visual Studio, and goes way back to 2004.

Anyway, the solution is to click in the "Find Results" dialog so the cursor appears and mash Break, Ctrl+Break, Alt+Break and Ctrl+ScrLock key combos, perhaps while a find is in progress (although mine wasn't and it still worked, but ymmv).

Take a drink when someone seriously brings up the catchphrase "eval is evil" or a variant of it.

Finish all of the drinks if you sincerely think that nobody would ever get malicious code into your database/application that will be happily executed when eval evaluates it and send your client to their phishing duplicate of your login page where they harvest user credentials before redirecting them right back to your application so nobody ever realises what just happened.

Aside:
"Eval is not evil" in the same way that dynamic SQL is not evil. But in this case it's bad, and wrong. JSON.parse is how to parse JSON.

One issue I ran into while using the jQuery UI library along with the jQuery validation plugin in an ASP.NET page is that when the dialog is created, it's moved outside of the page's main form. jQuery validation requires all fields to be validated to be inside a form, so fields in the dialog won't validate, plus if you need to have server-side controls inside of that dialog, there's not a lot you can do to move the dialog or the form. (If you don't have any server-side controls in the form, read skip further down for an alternate solution) Nested forms aren't allowed, and ASP.NET throws an error if you put server-side controls outside the main form. An easy (albeit hacky) solution I found was just to move the dialog and its overlay back inside the form tag after creation:

Today I read about an interesting security vulnerability in Javascript's eval() function that I wasn't aware of previously (which I was naively using to parse JSON data). Open a developer console and try this:

eval("alert('pwned')")
The code is executed! This could perhaps be used to return malformed instructions instead of JSON and do something malicious to the client. However, try this:

JSON.parse("alert('not pwned')")
Notice that it just throws a parsing error, but of course for actual JSON it still produces the correct object. Also, here's a relevant stackoverflow answer.

This morning I was setting up a new workflow process for sending an email to some users and came across a weird bug. When editing the body of an email, everything was fine until I needed to add a dynamic value from the entity to the email's body, and then as soon as I tried to save, this: